Last week I wrote about the neutralization of the botnet GameOver Zeus, which powered the ransomware CryptoLocker. It was then estimated that IT staff had a two-week window before a new round of attacks would follow.

New variants of CryptoLocker are already in the wild and have increased their presence in the space vacated by the neutralized CryptoLocker. CryptoWall, CryptoDefense, and CryptorBit build on what made CryptoLocker so successful while adding new features that make them harder to detect and remove.

Security firm Bromium Labs, in a blog entry titled "The Ransomware Games have begun", reports that CryptoDefense is spreading through boobytrapped webpages that use a Java exploit. Their research shows that 137 file types are hardcoded in the binary; the original CryptoLocker only included 72 file types for encryption.

Seacoastonline is reporting that the computer system of the Police Department of Durham, New Hampshire was infected and locked down by CryptoWall on Friday, June 6. Town Administrator Todd Selig stated "Our IT department is working on this and we hope to have the Police Department system up and running again in a day or two. But we are definitely not paying any ransom."

According to Selig, an officer opened an e-mail attachment at about 10 p.m. Thursday and by Friday morning widespread issues were reported.

The next stage of Crypto viruses is here: CryptoWall, CryptoDefense and CryptorBit are taking their attacks further by disabling System Restore functionality and removing local shadow copies, the technology included in Windows that allows for automatic backup copies or snapshots of computer files or volumes.

Current anti-virus and malware scanners are still unable to detect the presence of any of the Crypto variants, which are typically delivered via an e-mail link to an infected website.

Sadly, this latest stage of Crypto viruses won't be the last. But you can protect yourself by maintaining backups on an external drive or cloud service and by being observant of phishing e-mails: look for your name in the address field, read the body of the e-mail, and compare the URL shown in the e-mail with the link it actually takes you to by hovering over the link.